better-auth-mercadopago 0.1.9 → 0.2.1

package/dist/security.js

@@ -0,0 +1,300 @@
+import crypto from "node:crypto";
+import { APIError } from "better-auth/api";
+/**
+ * Verify Mercado Pago webhook signature
+ * https://www.mercadopago.com/developers/en/docs/subscriptions/additional-content/security/signature
+ */
+export function verifyWebhookSignature(params) {
+    const { xSignature, xRequestId, dataId, secret } = params;
+    if (!xSignature || !xRequestId) {
+        return false;
+    }
+    // Parse x-signature header
+    // Format: "ts=1234567890,v1=hash"
+    const parts = xSignature.split(",");
+    const ts = parts.find((p) => p.startsWith("ts="))?.split("=")[1];
+    const hash = parts.find((p) => p.startsWith("v1="))?.split("=")[1];
+    if (!ts || !hash) {
+        return false;
+    }
+    // Build the manifest (exactly as MP does)
+    const manifest = `id:${dataId};request-id:${xRequestId};ts:${ts};`;
+    // Create HMAC SHA256
+    const hmac = crypto.createHmac("sha256", secret);
+    hmac.update(manifest);
+    const expectedHash = hmac.digest("hex");
+    // Compare hashes (constant-time comparison)
+    return crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(expectedHash));
+}
+/**
+ * Rate limiting store (in-memory, use Redis in production)
+ */
+class RateLimiter {
+    attempts = new Map();
+    check(key, maxAttempts, windowMs) {
+        const now = Date.now();
+        const record = this.attempts.get(key);
+        if (!record || now > record.resetAt) {
+            this.attempts.set(key, {
+                count: 1,
+                resetAt: now + windowMs,
+            });
+            return true;
+        }
+        if (record.count >= maxAttempts) {
+            return false;
+        }
+        record.count++;
+        return true;
+    }
+    cleanup() {
+        const now = Date.now();
+        for (const [key, record] of this.attempts.entries()) {
+            if (now > record.resetAt) {
+                this.attempts.delete(key);
+            }
+        }
+    }
+}
+export const rateLimiter = new RateLimiter();
+// Cleanup every 5 minutes
+setInterval(() => rateLimiter.cleanup(), 5 * 60 * 1000);
+/**
+ * Validate payment amount to prevent manipulation
+ */
+export function validatePaymentAmount(requestedAmount, mpPaymentAmount, tolerance = 0.01) {
+    const diff = Math.abs(requestedAmount - mpPaymentAmount);
+    return diff <= tolerance;
+}
+/**
+ * Sanitize metadata to prevent injection attacks
+ */
+export function sanitizeMetadata(
+// biome-ignore lint/suspicious/noExplicitAny: <necessary>
+metadata) {
+    // biome-ignore lint/suspicious/noExplicitAny: <necessary>
+    const sanitized = {};
+    for (const [key, value] of Object.entries(metadata)) {
+        // Prevent prototype pollution
+        if (key === "__proto__" || key === "constructor" || key === "prototype") {
+            continue;
+        }
+        // Limit metadata size
+        if (typeof value === "string" && value.length > 5000) {
+            sanitized[key] = value.substring(0, 5000);
+        }
+        else if (typeof value === "object" && value !== null) {
+            // Recursively sanitize nested objects
+            sanitized[key] = sanitizeMetadata(value);
+        }
+        else {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+}
+/**
+ * Validate callback URL to prevent open redirects
+ */
+export function validateCallbackUrl(url, allowedDomains) {
+    try {
+        const parsed = new URL(url);
+        // Only allow HTTPS in production
+        if (process.env.NODE_ENV === "production" && parsed.protocol !== "https:") {
+            return false;
+        }
+        // Check if domain is allowed
+        const hostname = parsed.hostname;
+        return allowedDomains.some((domain) => {
+            if (domain.startsWith("*.")) {
+                // Wildcard subdomain
+                const baseDomain = domain.substring(2);
+                return hostname.endsWith(baseDomain);
+            }
+            return hostname === domain;
+        });
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Idempotency key validation
+ */
+export function validateIdempotencyKey(key) {
+    // UUID v4 format or custom format
+    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+    const customRegex = /^[a-zA-Z0-9_-]{8,64}$/;
+    return uuidRegex.test(key) || customRegex.test(key);
+}
+/**
+ * Prevent timing attacks on webhook validation
+ */
+export function secureCompare(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    try {
+        return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Error codes mapping
+ */
+export const MercadoPagoErrorCodes = {
+    // Authentication
+    INVALID_API_KEY: "invalid_api_key",
+    UNAUTHORIZED: "unauthorized",
+    // Payment errors
+    INSUFFICIENT_FUNDS: "cc_rejected_insufficient_amount",
+    INVALID_CARD: "cc_rejected_bad_filled_card_number",
+    CARD_DISABLED: "cc_rejected_card_disabled",
+    MAX_ATTEMPTS: "cc_rejected_max_attempts",
+    DUPLICATED_PAYMENT: "cc_rejected_duplicated_payment",
+    // Subscription errors
+    SUBSCRIPTION_NOT_FOUND: "subscription_not_found",
+    SUBSCRIPTION_ALREADY_CANCELLED: "subscription_already_cancelled",
+    // General
+    INVALID_PARAMETER: "invalid_parameter",
+    RESOURCE_NOT_FOUND: "resource_not_found",
+    INTERNAL_SERVER_ERROR: "internal_server_error",
+};
+/**
+ * Custom error class for Mercado Pago errors
+ */
+export class MercadoPagoError extends Error {
+    code;
+    message;
+    statusCode;
+    details;
+    constructor(code, message, statusCode = 400, 
+    // biome-ignore lint/suspicious/noExplicitAny: <necessary>
+    details) {
+        super(message);
+        this.code = code;
+        this.message = message;
+        this.statusCode = statusCode;
+        this.details = details;
+        this.name = "MercadoPagoError";
+    }
+    toAPIError() {
+        const errorMap = {
+            400: "BAD_REQUEST",
+            401: "UNAUTHORIZED",
+            403: "FORBIDDEN",
+            404: "NOT_FOUND",
+            429: "TOO_MANY_REQUESTS",
+            500: "INTERNAL_SERVER_ERROR",
+        };
+        const type = errorMap[this.statusCode] || "BAD_REQUEST";
+        return new APIError(type, {
+            message: this.message,
+            details: this.details,
+        });
+    }
+}
+/**
+ * Handle Mercado Pago API errors
+ */ // biome-ignore lint/suspicious/noExplicitAny: <necessary>
+export function handleMercadoPagoError(error) {
+    if (error.status) {
+        const mpError = new MercadoPagoError(error.code || "unknown_error", error.message || "An error occurred with Mercado Pago", error.status, error.cause);
+        throw mpError.toAPIError();
+    }
+    throw new APIError("INTERNAL_SERVER_ERROR", {
+        message: "Failed to process Mercado Pago request",
+    });
+}
+/**
+ * Webhook event types validation
+ */
+export const VALID_WEBHOOK_TOPICS = [
+    "payment",
+    "merchant_order",
+    "subscription_preapproval",
+    "subscription_preapproval_plan",
+    "subscription_authorized_payment",
+    "point_integration_wh",
+    "topic_claims_integration_wh",
+    "topic_merchant_order_wh",
+    "delivery_cancellation",
+];
+export function isValidWebhookTopic(topic) {
+    return VALID_WEBHOOK_TOPICS.includes(topic);
+}
+/**
+ * Idempotency store (in-memory, use Redis in production)
+ */
+class IdempotencyStore {
+    // biome-ignore lint/suspicious/noExplicitAny: <necessary>
+    store = new Map();
+    // biome-ignore lint/suspicious/noExplicitAny: <necessary>
+    get(key) {
+        const record = this.store.get(key);
+        if (!record || Date.now() > record.expiresAt) {
+            this.store.delete(key);
+            return null;
+        }
+        return record.result;
+    }
+    // biome-ignore lint/suspicious/noExplicitAny: <necessary>
+    set(key, result, ttlMs = 24 * 60 * 60 * 1000) {
+        this.store.set(key, {
+            result,
+            expiresAt: Date.now() + ttlMs,
+        });
+    }
+    cleanup() {
+        const now = Date.now();
+        for (const [key, record] of this.store.entries()) {
+            if (now > record.expiresAt) {
+                this.store.delete(key);
+            }
+        }
+    }
+}
+export const idempotencyStore = new IdempotencyStore();
+// Cleanup every hour
+setInterval(() => idempotencyStore.cleanup(), 60 * 60 * 1000);
+/**
+ * CSRF token validation
+ */
+export function validateCSRFToken(token, expectedToken) {
+    return secureCompare(token, expectedToken);
+}
+/**
+ * Input validation helpers
+ */
+export const ValidationRules = {
+    email: (email) => {
+        const regex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        return regex.test(email) && email.length <= 255;
+    },
+    amount: (amount) => {
+        return amount > 0 && amount <= 999999999 && !Number.isNaN(amount);
+    },
+    currency: (currency) => {
+        const validCurrencies = [
+            "ARS",
+            "BRL",
+            "CLP",
+            "MXN",
+            "COP",
+            "PEN",
+            "UYU",
+            "USD",
+        ];
+        return validCurrencies.includes(currency);
+    },
+    frequency: (frequency) => {
+        return frequency > 0 && frequency <= 365 && Number.isInteger(frequency);
+    },
+    userId: (userId) => {
+        // UUID or custom ID format
+        return /^[a-zA-Z0-9_-]{1,100}$/.test(userId);
+    },
+};
+//# sourceMappingURL=security.js.map

package/dist/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3C;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAKtC;IACA,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1D,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACd,CAAC;IAED,2BAA2B;IAC3B,kCAAkC;IAClC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACd,CAAC;IAED,0CAA0C;IAC1C,MAAM,QAAQ,GAAG,MAAM,MAAM,eAAe,UAAU,OAAO,EAAE,GAAG,CAAC;IAEnE,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAExC,4CAA4C;IAC5C,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,MAAM,WAAW;IACR,QAAQ,GAAoD,IAAI,GAAG,EAAE,CAAC;IAE9E,KAAK,CAAC,GAAW,EAAE,WAAmB,EAAE,QAAgB;QACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtC,IAAI,CAAC,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE;gBACtB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,GAAG,GAAG,QAAQ;aACvB,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACb,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,IAAI,WAAW,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACd,CAAC;QAED,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACb,CAAC;IAED,OAAO;QACN,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YACrD,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC3B,CAAC;QACF,CAAC;IACF,CAAC;CACD;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAE7C,0BAA0B;AAC1B,WAAW,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AAExD;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACpC,eAAuB,EACvB,eAAuB,EACvB,YAAoB,IAAI;IAExB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,GAAG,eAAe,CAAC,CAAC;IACzD,OAAO,IAAI,IAAI,SAAS,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;AAC/B,0DAA0D;AAC1D,QAA6B;IAG7B,0DAA0D;IAC1D,MAAM,SAAS,GAAwB,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,8BAA8B;QAC9B,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACzE,SAAS;QACV,CAAC;QAED,sBAAsB;QACtB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;YACtD,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3C,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACxD,sCAAsC;YACtC,SAAS,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACP,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;IACF,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAClC,GAAW,EACX,cAAwB;IAExB,IAAI,CAAC;QACJ,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAE5B,iCAAiC;QACjC,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC3E,OAAO,KAAK,CAAC;QACd,CAAC;QAED,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACrC,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,qBAAqB;gBACrB,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBACvC,OAAO,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACtC,CAAC;YACD,OAAO,QAAQ,KAAK,MAAM,CAAC;QAC5B,CAAC,CAAC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,KAAK,CAAC;IACd,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IACjD,kCAAkC;IAClC,MAAM,SAAS,GACd,wEAAwE,CAAC;IAC1E,MAAM,WAAW,GAAG,uBAAuB,CAAC;IAE5C,OAAO,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS,EAAE,CAAS;IACjD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACJ,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,KAAK,CAAC;IACd,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACpC,iBAAiB;IACjB,eAAe,EAAE,iBAAiB;IAClC,YAAY,EAAE,cAAc;IAE5B,iBAAiB;IACjB,kBAAkB,EAAE,iCAAiC;IACrD,YAAY,EAAE,oCAAoC;IAClD,aAAa,EAAE,2BAA2B;IAC1C,YAAY,EAAE,0BAA0B;IACxC,kBAAkB,EAAE,gCAAgC;IAEpD,sBAAsB;IACtB,sBAAsB,EAAE,wBAAwB;IAChD,8BAA8B,EAAE,gCAAgC;IAEhE,UAAU;IACV,iBAAiB,EAAE,mBAAmB;IACtC,kBAAkB,EAAE,oBAAoB;IACxC,qBAAqB,EAAE,uBAAuB;CACrC,CAAC;AAEX;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAElC;IACS;IACT;IAEA;IALR,YACQ,IAAY,EACH,OAAe,EACxB,aAAqB,GAAG;IAC/B,0DAA0D;IACnD,OAAa;QAEpB,KAAK,CAAC,OAAO,CAAC,CAAC;QANR,SAAI,GAAJ,IAAI,CAAQ;QACH,YAAO,GAAP,OAAO,CAAQ;QACxB,eAAU,GAAV,UAAU,CAAc;QAExB,YAAO,GAAP,OAAO,CAAM;QAGpB,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IAChC,CAAC;IAED,UAAU;QACT,MAAM,QAAQ,GAsDV;YACH,GAAG,EAAE,aAAa;YAClB,GAAG,EAAE,cAAc;YACnB,GAAG,EAAE,WAAW;YAChB,GAAG,EAAE,WAAW;YAChB,GAAG,EAAE,mBAAmB;YACxB,GAAG,EAAE,uBAAuB;SAC5B,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC;QAExD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACrB,CAAC,CAAC;IACJ,CAAC;CACD;AAED;;GAEG,CAAC,0DAA0D;AAC9D,MAAM,UAAU,sBAAsB,CAAC,KAAU;IAChD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,IAAI,gBAAgB,CACnC,KAAK,CAAC,IAAI,IAAI,eAAe,EAC7B,KAAK,CAAC,OAAO,IAAI,qCAAqC,EACtD,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,KAAK,CACX,CAAC;QACF,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAC5B,CAAC;IAED,MAAM,IAAI,QAAQ,CAAC,uBAAuB,EAAE;QAC3C,OAAO,EAAE,wCAAwC;KACjD,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IACnC,SAAS;IACT,gBAAgB;IAChB,0BAA0B;IAC1B,+BAA+B;IAC/B,iCAAiC;IACjC,sBAAsB;IACtB,6BAA6B;IAC7B,yBAAyB;IACzB,uBAAuB;CACd,CAAC;AAIX,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAChD,OAAO,oBAAoB,CAAC,QAAQ,CAAC,KAAqB,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,gBAAgB;IACrB,0DAA0D;IAClD,KAAK,GAAoD,IAAI,GAAG,EAAE,CAAC;IAE3E,0DAA0D;IAC1D,GAAG,CAAC,GAAW;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,MAAM,CAAC,MAAM,CAAC;IACtB,CAAC;IAED,0DAA0D;IAC1D,GAAG,CAAC,GAAW,EAAE,MAAW,EAAE,QAAgB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;QAChE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YACnB,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;QACN,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAClD,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC;QACF,CAAC;IACF,CAAC;CACD;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAC;AAEvD,qBAAqB;AACrB,WAAW,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AAE9D;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAChC,KAAa,EACb,aAAqB;IAErB,OAAO,aAAa,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG;IAC9B,KAAK,EAAE,CAAC,KAAa,EAAW,EAAE;QACjC,MAAM,KAAK,GAAG,4BAA4B,CAAC;QAC3C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,CAAC;IACjD,CAAC;IAED,MAAM,EAAE,CAAC,MAAc,EAAW,EAAE;QACnC,OAAO,MAAM,GAAG,CAAC,IAAI,MAAM,IAAI,SAAS,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;IAED,QAAQ,EAAE,CAAC,QAAgB,EAAW,EAAE;QACvC,MAAM,eAAe,GAAG;YACvB,KAAK;YACL,KAAK;YACL,KAAK;YACL,KAAK;YACL,KAAK;YACL,KAAK;YACL,KAAK;YACL,KAAK;SACL,CAAC;QACF,OAAO,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAED,SAAS,EAAE,CAAC,SAAiB,EAAW,EAAE;QACzC,OAAO,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,EAAE,CAAC,MAAc,EAAW,EAAE;QACnC,2BAA2B;QAC3B,OAAO,wBAAwB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;CACD,CAAC"}